Solved: I like the OpsCenter idea. I

Chan_backup · ‎09-30-2013

Hi,

I would like to restrict the netbackup admin console access to other users so that they cannot start manual backup, restart, delete, modify etc...but they should have access to verify all the details in activity monitor and policy details.

is there any possiblility to do that, if yes kindly share your inputs.

we are using Netbackup 7.1.0.4

OS : Windows 2008 , let me know if you need any other details.

Thanks

Chan

RamNagalla · ‎09-30-2013

it looks like you need to impliment the NBAC to get your requirement fulfilled..

you can use auth.conf with the help of the java console but it will only resticts the access to specific component but not the persmission level on it.

so you need to impliment the NBAC to give the read access to specifc users.

you can look into below T/N about NBAC

http://www.symantec.com/business/support/index?page=content&id=HOWTO46729

http://www.symantec.com/business/support/index?page=content&id=HOWTO46963

http://www.symantec.com/business/support/index?page=content&id=HOWTO46896

View solution in original post

RamNagalla · ‎09-30-2013

it looks like you need to impliment the NBAC to get your requirement fulfilled..

you can use auth.conf with the help of the java console but it will only resticts the access to specific component but not the persmission level on it.

so you need to impliment the NBAC to give the read access to specifc users.

you can look into below T/N about NBAC

http://www.symantec.com/business/support/index?page=content&id=HOWTO46729

http://www.symantec.com/business/support/index?page=content&id=HOWTO46963

http://www.symantec.com/business/support/index?page=content&id=HOWTO46896

Chan_backup · ‎09-30-2013

Hi Nagalla,

The above link is informative, still i need step by step procedure to configure.

does configuring NBAC impact the backups?

I have desktop or laptop installed with NB Java console, i need to give read permission to that particular user to access the NB console.

Please help me.

Thank you

Marianne · ‎10-01-2013

Java Console cannot be used for granular level control (e.g. read only on policies or ability to cancel backups).

You need to config NBAC for the level of control that you need. It does not affect backups - just administration.

You will find lots of links from this page: http://www.symantec.com/docs/HOWTO46963 for example: See Configuring NetBackup Access Control (NBAC) on standalone master servers

Above doc contains step-by-step procedure.

Please read up on all relevant info before you start, e.g all of these links (and all that seems relevant to you):

See About authorization objects and permissions

See About defining a user group and users

See About determining who can access NetBackup

etc... etc....

Handy NetBackup Links

ontherocks · ‎10-01-2013

Good Information on configuring and using NBAC.

Thanks for sharing Marianne !!!

watsons · ‎10-01-2013

Your question about whether NBAC will impact on your backups.

It will not, if you configure it just using the minimal setup (on master server only) and the setup completes successfully. Otherwise it may affect your backup, but to revert you can always change the USE_VXSS from "Automatic" (or "Required") back to "Prohibited".

Sometimes you may also get catalog backup failed after setting up NBAC, if that's the case check out:

http://www.symantec.com/docs/TECH157230

http://www.symantec.com/docs/TECH166043

Jim-90 · ‎10-01-2013

Use OpsCenter - I think the free version will do the same.

If you go down the NBAC path the first thing you need to know is how to disable it. There is a high probablity you will lock yourself out.

Maurice_Byrd · ‎10-07-2013

I like the OpsCenter idea. I used it to setup access for the Help Desk. For certain clients, they can review backup job status and details. They have access to restore files but not to start, stop, modify, or delete backup jobs or policies.

VOX

I need to restrict the Netbackup admin console access